instanceCreation¶
public void userFunction() {
    new MyClass();
}
Creates a new object that is an instance of a class.
Configuration options¶
type¶
Checks the type of the object that will be constructed.
search:
  instanceCreation:
    type: "HttpCookie"
public void example() {
    HttpCookie cookie = new HttpCookie();
}
See also: the examples above use shorthands; see the type target for more advanced configurations.
args¶
Checks the arguments of the instance creation. This option is configured as a list of argument targets. A specific argument can be matched by its position, or the any match can be used to match any argument.
search:
  instanceCreation:
    args:
      1:
        value: "SESSION_ID"
public HttpCookie createSessionCookie(String randomToken) {
    HttpCookie cookie = new HttpCookie("SESSION_ID", randomToken);
    return cookie;
}
argCount¶
Checks the number of arguments.
search:
  instanceCreation:
    argCount: 2
public HttpCookie createSessionCookie(String randomToken) {
    HttpCookie cookie = new HttpCookie("SESSION_ID", randomToken);
    return cookie;
}
See also: the examples above use shorthands; see the integer target for more advanced configurations.
followedBy¶
Checks whether the returned instance has been used as:
- the instance on which a method gets called,
- an argument of another method call, or
- an implicit call (e.g. close gets implicitly called when using try-with-resources).
search:
  methodcall:
    name: createSecureXmlFactory
    followedBy:
      methodcall:
        name: setSecure
public void matches(String input) {
    XmlFactory xml = createSecureXmlFactory();
    xml.setSecure();
}
The example above illustrates how to search for unnecessary explicit configuration. In practice, this option is mostly used together with the negation block not.
search:
  methodcall:
    name: createCookie
    not:
      followedBy:
        methodcall:
          name: setSecure
public void matches(String input) {
    Cookie cookie = createCookie();
}
before¶
This option only becomes significant in combination with followedBy. It adds a constraint that tells the analyzer to stop scanning the code once the before target is matched.
search:
  methodcall:
    not:
      followedBy:
        methodcall:
          name: "setSecure"
        before:
          methodcall:
            type: "Response"
            name: "addCookie"
public void matches(String input) {
    Cookie cookie = createCookie();
    Response.addCookie(cookie);
    // the cookie creation will still be marked, since setSecure
    // has been called too late.
    cookie.setSecure(true);
}
Generic Configuration options¶
The following options are generic and available for every target.
anyOf¶
Similar to the logical operator OR: one or more descendant options should match.
search:
  <target>:
    anyOf:
      - name: "illegal"
      - name: "alsoIllegal"
allOf¶
Similar to the logical operator AND: all descendant options must match.
search:
  <target>:
    allOf:
      - annotation: "HttpPost"
      - annotation: "AllowUnAuthorized"
with¶
The only purpose of this field is to make the recipe easier to read. It provides no additional functionality.
search:
  <target>:
    with:
      annotation: "HttpPost"
not, without¶
Works as the logical operator NOT: it negates the result of the descendant options. Sensei offers both spellings. They behave identically, but certain scenarios tend to read better using without.
search:
  <target>:
    not:
      annotation: "HttpPost"
search:
  <target>:
    without:
      annotation: "HttpPost"
in¶
Performs a structural search. This option is mainly used to narrow down recipes, for example to only analyze and mark code inside a certain class, or inside a method that carries a specific annotation. The option is not limited to these two scenarios, however; more advanced configurations can be achieved.
search:
  <target>:
    in:
      class:
        name:
          contains: "Controller"
search:
  <target>:
    in:
      method:
        annotation:
          type: "HttpPost"
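The options above compose. The following recipe search is an added example, not taken from the Sensei documentation; it combines the instanceCreation-specific options (type, args, followedBy with before) with the generic not and in options to flag a SESSION_ID cookie that reaches Response.addCookie without setSecure having been called first, but only inside classes whose name contains "Controller". It assumes that before sits alongside the nested methodcall under followedBy, and the HttpCookie, Response and Controller names are illustrative.

```yaml
# Added example (assumed recipe layout, not from the original page).
search:
  instanceCreation:
    # only constructor calls of this type
    type: "HttpCookie"
    # first argument must be the literal SESSION_ID cookie name
    args:
      1:
        value: "SESSION_ID"
    # flag the creation when setSecure is NOT called on the instance ...
    not:
      followedBy:
        methodcall:
          name: "setSecure"
        # ... before the cookie is handed to Response.addCookie
        before:
          methodcall:
            type: "Response"
            name: "addCookie"
    # restrict the search to controller classes
    in:
      class:
        name:
          contains: "Controller"
```

With this search, a constructor call such as new HttpCookie("SESSION_ID", token) followed directly by Response.addCookie(cookie) is marked, while one where cookie.setSecure(true) precedes addCookie is not.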
label¶
Labels do not modify the behavior of searching elements, but they allow addressing a specific element in a quick fix.
search:
  element:
    tagName: inner
    attribute:
      name: data
    in:
      element:
        label: outerelement
availableFixes:
  - name: add the 'type' attribute on the outer element
    actions:
      - add:
          attribute:
            name: type
            value: '"unsafe"'
          target: label:outerelement
- <outer>
+ <outer type="unsafe">
    <inner data="test"/>
  </outer>